2.1.3 Verifying Package Integrity Using MD5 Checksums or GnuPG

After you have downloaded the MySQL package that suits your needs
and before you attempt to install it, you should make sure that it
is intact and has not been tampered with. There are three means of
integrity checking:

MD5 checksums

Cryptographic signatures using GnuPG, the
GNU Privacy Guard

For RPM packages, the built-in RPM integrity verification
mechanism

The following sections describe how to use these methods.

If you notice that the MD5 checksum or GPG signatures do not
match, first try to download the respective package one more time,
perhaps from another mirror site.